Smart cards are increasingly popular as a means of strengthening user authentication and the like. Smart cards are typically configured with a user-specified personal identification number (“PIN”). For a user to authenticate using a smart card it is typically inserted into a card reader of a client machine and the user enters a corresponding PIN. Thus the user must possess the card and know the PIN in order to authenticate. Even so, the user must trust the client—that it has not been compromised and will properly and securely make use of the PIN to unlock the smart card and thus access the cryptographic data for authentication and the like.